Aaron Swartz aaronsw

## electionnight.html
<head>
<style>
    body { padding: 0; margin: 0; }
#ev { width: 100%; position: fixed; background-color: white; margin: 0; }
#obama_votes, #romney_votes { text-align: center; }
#obama_votes { color: blue; }
#romney_votes { color: red; }
</style>
<script src="electionnight.js"></script>
<script src="http://graphics8.nytimes.com/packages/html/1min/elections/2012/fivethirtyeight/fivethirtyeight-ccol-top.js"></script>

## gist:3756963

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                aaronsw
                / gist:3756963
            
            
              Created
              September 20, 2012 16:38
            
              
                comment on http://www.links.org/?p=1277&cpage=1#comment-583263
              
          
    Reply to Ben Laurie
I think even a longer ciphertext could end up being faster if the plaintext was compressed. So imagine that the plaintext message is 1K, the cipher(plaintext) is 1K, compress(plaintext) is .2K and cipher(pad(compress(plaintext))) is 1.5K. The browser would only need to download the first .2K before it started displaying the page (since the rest is just padding). It would still continue downloading the padding, so that attackers wouldn’t know what the compressed length was, but the user would experience the page loading as fast as if it was compressed.
The big flaw would be if the user took a next action, the attacker might be able to back-calculate how much of the page they had received how quickly, but humans introduce enough randomness that this would be a far more difficult attack.

  
## podspeed
#!/usr/bin/osascript

on run argv
  tell application "iTunes"
    pause
    set my_track to location of current track
    set my_seconds to player position
  end tell

  tell application "QuickTime Player"

## montyhall.py
import random

DOORS = (1,2,3)

def hallpicker(strategy):
    prize = random.choice(DOORS)
    firstchoice = random.choice(DOORS)
    if strategy == 'stay':
        return firstchoice == prize
    elif strategy == 'switch':

## intro.html
<style>
.odd { background-color: #d5d5d5; }
</style>

<h1 style="text-align: center">Intro Exercise</h1>

<table style="float: left; padding-right: 1em; ">
<tr><th>Rung <th>Bend <th>Sit up <th>Leg lift <th>Push up <th>Steps <th colspan=2>Count
<tr><td><hr noshade size=1><td><hr noshade size=1><td><hr noshade size=1><td><hr noshade size=1><td><hr noshade size=1><td><hr noshade size=1><td colspan=2><hr noshade size=1>
<tr><td align=center>1<td align=center>2<td align=center>3<td align=center>4<td align=center>2<td align=center>105<td align=center>1<td align=center>30

## gotour-70.go
package main

import (
	"fmt"
	"time"
)

type Fetcher interface {
	// Fetch returns the body of URL and
	// a slice of URLs found on that page.

## gist:2653930
Delivered-To: me@aaronsw.com
Received: by 10.213.9.17 with SMTP id j17csp4766ebj;
        Tue, 8 May 2012 20:34:50 -0700 (PDT)
Received: by 10.182.207.10 with SMTP id ls10mr30733797obc.9.1336534489928;
        Tue, 08 May 2012 20:34:49 -0700 (PDT)
Return-Path: <>
Received: from mx3.name.com (mx3.name.com. [173.192.7.98])
        by mx.google.com with ESMTP id s3si768112obn.1.2012.05.08.20.34.49;
        Tue, 08 May 2012 20:34:49 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of mx3.name.com designates 173.192.7.98 as permitted sender) client-ip=173.192.7.98;

## profile.py
#! /usr/bin/env python
#
# Class for profiling python code. rev 1.0  6/2/94
#
# Based on prior profile module by Sjoerd Mullender...
#   which was hacked somewhat by: Guido van Rossum

"""Class for profiling Python code."""

# Copyright 1994, by InfoSeek Corporation, all rights reserved.

## browserid.py
import urllib, json
class FalseStorage(web.storage):
    def __nonzero__(self): return False

def browserid():
    c = web.cookies()
    if c.get('browserid_assertion'):
        out = urllib.urlencode(dict(audience=web.ctx.host, assertion=c.browserid_assertion))
        o = json.loads(urllib.urlopen('https://browserid.org/verify', out).read())
        if o['status'] == 'failure':

## browserid.js
function setCookie(c_name, value, exdays) {
  var exdate = new Date();
  exdate.setDate(exdate.getDate() + exdays);
  var c_value = escape(value) + ((exdays==null) ? "" : "; expires="+exdate.toUTCString());
  document.cookie = c_name + "=" + c_value;
}

function browserid_login_callback(assertion){
  setCookie('browserid_assertion', assertion, 90);
  window.location.reload();
	<head>
	<style>
	body { padding: 0; margin: 0; }
	#ev { width: 100%; position: fixed; background-color: white; margin: 0; }
	#obama_votes, #romney_votes { text-align: center; }
	#obama_votes { color: blue; }
	#romney_votes { color: red; }
	</style>
	<script src="electionnight.js"></script>
	<script src="http://graphics8.nytimes.com/packages/html/1min/elections/2012/fivethirtyeight/fivethirtyeight-ccol-top.js"></script>
	#!/usr/bin/osascript

	on run argv
	tell application "iTunes"
	pause
	set my_track to location of current track
	set my_seconds to player position
	end tell

	tell application "QuickTime Player"
	import random

	DOORS = (1,2,3)

	def hallpicker(strategy):
	prize = random.choice(DOORS)
	firstchoice = random.choice(DOORS)
	if strategy == 'stay':
	return firstchoice == prize
	elif strategy == 'switch':
	<style>
	.odd { background-color: #d5d5d5; }
	</style>

	<h1 style="text-align: center">Intro Exercise</h1>

	<table style="float: left; padding-right: 1em; ">
	<tr><th>Rung <th>Bend <th>Sit up <th>Leg lift <th>Push up <th>Steps <th colspan=2>Count
	<tr><td><hr noshade size=1><td><hr noshade size=1><td><hr noshade size=1><td><hr noshade size=1><td><hr noshade size=1><td><hr noshade size=1><td colspan=2><hr noshade size=1>
	<tr><td align=center>1<td align=center>2<td align=center>3<td align=center>4<td align=center>2<td align=center>105<td align=center>1<td align=center>30
	package main

	import (
	"fmt"
	"time"
	)

	type Fetcher interface {
	// Fetch returns the body of URL and
	// a slice of URLs found on that page.
	Delivered-To: me@aaronsw.com
	Received: by 10.213.9.17 with SMTP id j17csp4766ebj;
	Tue, 8 May 2012 20:34:50 -0700 (PDT)
	Received: by 10.182.207.10 with SMTP id ls10mr30733797obc.9.1336534489928;
	Tue, 08 May 2012 20:34:49 -0700 (PDT)
	Return-Path: <>
	Received: from mx3.name.com (mx3.name.com. [173.192.7.98])
	by mx.google.com with ESMTP id s3si768112obn.1.2012.05.08.20.34.49;
	Tue, 08 May 2012 20:34:49 -0700 (PDT)
	Received-SPF: pass (google.com: best guess record for domain of mx3.name.com designates 173.192.7.98 as permitted sender) client-ip=173.192.7.98;
	#! /usr/bin/env python
	#
	# Class for profiling python code. rev 1.0 6/2/94
	#
	# Based on prior profile module by Sjoerd Mullender...
	# which was hacked somewhat by: Guido van Rossum

	"""Class for profiling Python code."""

	# Copyright 1994, by InfoSeek Corporation, all rights reserved.
	import urllib, json
	class FalseStorage(web.storage):
	def __nonzero__(self): return False

	def browserid():
	c = web.cookies()
	if c.get('browserid_assertion'):
	out = urllib.urlencode(dict(audience=web.ctx.host, assertion=c.browserid_assertion))
	o = json.loads(urllib.urlopen('https://browserid.org/verify', out).read())
	if o['status'] == 'failure':
	function setCookie(c_name, value, exdays) {
	var exdate = new Date();
	exdate.setDate(exdate.getDate() + exdays);
	var c_value = escape(value) + ((exdays==null) ? "" : "; expires="+exdate.toUTCString());
	document.cookie = c_name + "=" + c_value;
	}

	function browserid_login_callback(assertion){
	setCookie('browserid_assertion', assertion, 90);
	window.location.reload();